Annual Report on the Privacy Act 2019–20
Table of contents
- General
- Purpose of the Privacy Act
- 1. Statistical report
- 2. Practices and procedures
- 3. Delegation of authority
- 4. Complaints and appeals to the Federal Court
- 5. Privacy impact assessments
- 6. Disclosure under paragraphs 8(2)(e) or (m) of the Privacy Act
- 7. Data matching activities
- 8. Privacy breaches
- 9. Compliance
- Annex A: Statistical Information
- Annex B: Delegation Order
General
The Canadian Nuclear Safety Commission (CNSC) regulates the use of nuclear energy and materials to protect health, safety, security and the environment; to implement Canada’s international commitments on the peaceful use of nuclear energy; and to disseminate objective scientific, technical and regulatory information to the public.
The CNSC’s mandate, derived from the Nuclear Safety and Control Act, involves four major areas:
- regulation of the development, production and use of nuclear energy in Canada to protect health, safety and the environment
- regulation of the production, possession, use and transport of nuclear substances, and the production, possession and use of prescribed equipment and prescribed information
- implementation of measures respecting international control of the development, production, transport and use of nuclear energy and substances, including measures respecting the nonproliferation of nuclear weapons and nuclear explosive devices
- dissemination of scientific, technical and regulatory information concerning the activities of the CNSC, and the effects on the environment and the health and safety of persons, of the development, production, possession, transport and use of nuclear substances
The CNSC also provides advice with respect to the implementation of the Nuclear Liability and Compensation Act, works in partnership with the Impact Assessment Agency to conduct impact assessments for nuclear projects subject to the Impact Assessment Act, 2019, and implements Canada’s bilateral agreement with the International Atomic Energy Agency on nuclear safeguards verification.
Purpose of the Privacy Act
The purpose of the Privacy Act is to extend the laws of Canada that protect the privacy of individuals for personal information about themselves held by a government institution and provide individuals with a right of access to that information.
Tabling of the annual report
This annual report is prepared and tabled in Parliament in accordance with section 72 of the Privacy Act.
1. Statistical report
I. Requests received under the Privacy Act
During the 2019–20 reporting period, the CNSC received five new requests pursuant to the Privacy Act. While this represents a significant decrease from the 19 requests closed in 2018–19, it is typical of the CNSC’s annual volume of requests received under this act.
The CNSC had no Privacy Act requests or issues related to this act during the period of March 16 to March 31, 2020; therefore, COVID-19 did not affect the CNSC’s ability to fulfill its Privacy Act responsibilities.
| 2015-16 | 2016-17 | 2017-18 | 2018-19 | 2019-20 | |
|---|---|---|---|---|---|
| Received | 9 | 1 | 4 | 19 | 5 |
| Closed | 9 | 2 | 4 | 19 | 5 |
| Outstanding | 1 | 1 | 0 | 0 | 0 |
| Carried Forward | 1 | 0 | 0 | 0 | 0 |
II. Costs
During 2019–20, the CNSC Access to Information and Privacy (ATIP) Office incurred $16,784 in salary costs and $4,881 in goods and services costs to administer the Privacy Act.
See annex A for further statistical information.
2. Practices and procedures
At the CNSC, the IT Operations and Service Delivery Division (ITOSDD), within the Information Management and Technology Directorate (IMTD), administers the Privacy Act.
Privacy requests are received by the Records Office and forwarded to the ATIP Office within ITOSDD.
The CNSC also receives privacy requests through the ATIP online request portal available through the Treasury Board Secretariat website. ATIP Office staff process the requests in consultation with the appropriate CNSC directorates and with external parties, where necessary.
The CNSC has one full-time employee who dedicates some of their time to activities related to the Privacy Act.
During 2019–20, the CNSC continued to concentrate on providing employee training on information management, the Access to Information Act, the Privacy Act and information security. This involved formal training over several sessions, including a directorate all-staff meeting of approximately 61 people, divisional sessions delivered to 33 people, and an inspection fundamentals program delivered to 23 people. There were also informal one-on-one awareness sessions.
All training and awareness sessions, both formal and informal, focused on informing employees of their responsibilities under the legislation. ITOSDD offers an integrated training approach, emphasizing the connections between sound information management practices and an effective ATIP program. The ATIP Office also provides advice and support as required.
Documentation and training materials on the CNSC’s ATIP program are available through the corporate intranet along with links to other materials, such as legislation, Treasury Board Secretariat policies and guidance documents, and a range of information management and guidance tools.
Where relevant, employees are informed about the Treasury Board Secretariat’s Directive on Privacy Impact Assessment. The CNSC has implemented internal procedures to guide employees and consultants through the privacy impact assessment process. These procedures reflect changes to the Privacy Act policy suite. Governance and project management methodologies are in place within the Information Management and Technology Directorate to ensure that privacy considerations are identified and addressed throughout the entire system development cycle. The Senior ATIP Advisor and the Director of the ITOSDD participate actively in systems development initiatives.
In 2019-20, an internal audit on the management of personal information at the CNSC was conducted. As a result of this audit, the CNSC produced a management action plan and is implementing new and updated policies, guidelines and procedures, as applicable.
3. Delegation of authority
The Governor in Council has delegated the authority to exercise the powers, duties and functions of the Privacy Act to the President of the CNSC. In turn, the President has designated the Vice-President of the Corporate Services Branch, the Director General of the Information Management and Technology Directorate, the Director of the IT Operations and Service Delivery Division and the Senior ATIP Advisor to exercise her powers, duties and functions, with respect to the Privacy Act.
See annex B for a copy of the instrument of delegation.
4. Complaints and appeals to the Federal Court
No complaints were registered with the Office of the Privacy Commissioner during the reporting period.
5. Privacy impact assessments
During the 2019–20 reporting period, one new privacy impact assessment was completed.
The CNSC posts summaries of completed privacy impact assessments on its external website and forwards copies of completed privacy impact assessment reports to the Office of the Privacy Commissioner.
6. Disclosure under paragraphs 8(2)(e) or 8(2)(m) of the Privacy Act
The CNSC did not make any disclosures of personal information under paragraphs 8(2)(e) or 8(2)(m) of the Privacy Act during the reporting period.
7. Data matching activities
The CNSC has no new data matching and sharing activities to report for this reporting period.
8. Privacy breaches
No material privacy breaches at the CNSC were reported to the Treasury Board Secretariat or the Office of the Privacy Commissioner during the reporting period.
9. Compliance
The CNSC achieved a compliance rating of 80% for completed privacy requests closed within the legislated time frame in 2019-20. Many factors led to this rate of compliance, including an electronic retrieval system in use since 2009. This electronic system has reduced the time needed for the ATIP Office to receive the required documents and prepare the files for review and approval. The ATIP Office has established a five-day service standard for subject matter experts to retrieve relevant records and obtain Director General sign-off. In addition, through training and awareness sessions, CNSC staff members were receptive to their obligations under the Privacy Act.
Annex A: Statistical Information
Name of institution: Canadian Nuclear Safety Commission
Reporting period: 2019-04-01 to 2020-03-31
Section 1: Requests Under the Privacy Act
| Number of Requests | |
|---|---|
| Received during reporting period | 5 |
| Outstanding from previous reporting period | 0 |
| Total | 5 |
| Closed during reporting period | 5 |
| Carried over to next reporting period | 0 |
Section 2: Requests Closed During the Reporting Period
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 4 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 1 | 1 | 1 | 0 | 0 | 0 | 5 |
| Section | Number of Requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 0 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 0 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 3 |
| 27 | 1 |
| 28 | 0 |
| Section | Number of Requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
| Paper | Electronic | Other formats |
|---|---|---|
| 2 | 2 | 0 |
2.5 Complexity
| Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
|---|---|---|
| 1568 | 366 | 4 |
| Disposition |
Less Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 5 | 2 | 157 | 0 | 0 | 1 | 204 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 5 | 2 | 157 | 0 | 0 | 1 | 204 | 0 | 0 |
| Disposition |
Consultation Required |
Legal Advice Sought |
Interwoven Information |
Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 |
2.6 Closed requests
| Requests closed within legislated timelines | |
|---|---|
| Number of requests closed within legislated timelines | 4 |
| Percentage of requests closed within legislated timelines (%) | 80 |
2.7 Deemed refusals
| Number of Requests Closed Past the Statutory Deadline | Principal Reason | |||
|---|---|---|---|---|
| Workload | External Consultation | Internal Consultation | Other | |
| 1 | 0 | 0 | 1 | 0 |
| Number of Days Past Deadline | Number of Requests Past Legislated Timelines Where No Extension Was Taken | Number of Requests Past Legislated Timelines Where an Extension Was Taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 1 | 1 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 1 | 1 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 3: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
Section 4: Requests for Correction of Personal Information and Notations
| Disposition for Correction Requests Received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Section 5: Extensions
| Number of requests where an extension was taken | 15(a)(i) Interference with Operations | 15(a)(ii) Consultation |
15(b) Translation purposes or Conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 2 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| Length of Extensions | 15(a)(i) Interference with Operations | 15(a)(ii) Consultation |
15(b) Translation purposes or Conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 days or greater | 0 | |||||||
| Total | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 6: Consultations Received From Other Institutions and Organizations
| Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
|---|---|---|---|---|
| Received during reporting period | 0 | 0 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
| Closed during the reporting period | 0 | 0 | 0 | 0 |
| Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
| Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More than 365 Days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More than 365 Days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 7: Completion Time of Consultations on Cabinet Confidences
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of Days | Fewer Than 100 Pages Processed | 101‒500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 |
Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)
| Number of PIA(s) completed | 0 |
|---|
| Personal Information Banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| 69 | 0 | 0 | 0 |
Section 10: Material Privacy Breaches
| Number of material privacy breaches reported to TBS | 0 |
|---|---|
| Number of material privacy breaches reported to OPC | 0 |
Section 11: Resources Related to the Privacy Act
| Expenditures | Amount |
|---|---|
| Salaries | $16,784 |
| Overtime | $0 |
| Goods and Services | $4,881 |
|
Professional services contracts
|
$0 |
|
Other
|
$4,881 |
| Total | $21,665 |
| Resources | Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 0.20 |
| Part-time and casual employees | 0.00 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 0.00 |
| Students | 0.00 |
| Total | 0.20 |
Annex B: Delegation order
The President of the Canadian Nuclear Safety Commission, pursuant to section 73 of the Access to Information Act and section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the President as the head of the Canadian Nuclear Safety Commission, under the provisions of the Act and related regulations set out in the schedule opposite each position. This designations replaces all previous delegation orders.
| Position | Privacy Act and Regulations | Access to Information Act and Regulations |
|---|---|---|
| Vice-President, Corporate Services Branch | Full authority | Full authority |
| Director General, Information Management and Technology Directorate | Full authority | Full authority |
| Director, Information Management Division | Full authority | Full authority |
| Senior ATIP Advisor | Full authority | Full authority |
Original signed by
Rumina Velshi
President
Canadian Nuclear Safety Commission
Date: July 29, 2020
Page details
- Date modified: